From: Paul Moore <[email protected]>
To: Jens Axboe <[email protected]>
Cc: Casey Schaufler <[email protected]>,
Ankit Kumar <[email protected]>,
[email protected], [email protected]
Subject: Re: [PATCH] Smack: Provide read control for io_uring_cmd
Date: Fri, 26 Aug 2022 11:15:41 -0400 [thread overview]
Message-ID: <CAHC9VhQ2gVEuHe_mhkv7=Ju8co1L+aQ7=WAR_CpmJ7wS8=0+0g@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
On Tue, Aug 23, 2022 at 8:07 PM Jens Axboe <[email protected]> wrote:
> On 8/23/22 6:05 PM, Paul Moore wrote:
> > On Tue, Aug 23, 2022 at 7:46 PM Casey Schaufler <[email protected]> wrote:
> >>
> >> Limit io_uring "cmd" options to files for which the caller has
> >> Smack read access. There may be cases where the cmd option may
> >> be closer to a write access than a read, but there is no way
> >> to make that determination.
> >>
> >> Signed-off-by: Casey Schaufler <[email protected]>
> >> --
> >> security/smack/smack_lsm.c | 32 ++++++++++++++++++++++++++++++++
> >> 1 file changed, 32 insertions(+)
> >>
> >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> >> index 001831458fa2..bffccdc494cb 100644
> >> --- a/security/smack/smack_lsm.c
> >> +++ b/security/smack/smack_lsm.c
> >
> > ...
> >
> >> @@ -4732,6 +4733,36 @@ static int smack_uring_sqpoll(void)
> >> return -EPERM;
> >> }
> >>
> >> +/**
> >> + * smack_uring_cmd - check on file operations for io_uring
> >> + * @ioucmd: the command in question
> >> + *
> >> + * Make a best guess about whether a io_uring "command" should
> >> + * be allowed. Use the same logic used for determining if the
> >> + * file could be opened for read in the absence of better criteria.
> >> + */
> >> +static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
> >> +{
> >> + struct file *file = ioucmd->file;
> >> + struct smk_audit_info ad;
> >> + struct task_smack *tsp;
> >> + struct inode *inode;
> >> + int rc;
> >> +
> >> + if (!file)
> >> + return -EINVAL;
> >
> > Perhaps this is a better question for Jens, but ioucmd->file is always
> > going to be valid when the LSM hook is called, yes?
>
> file will always be valid for uring commands, as they are marked as
> requiring a file. If no valid fd is given for it, it would've been
> errored early on, before reaching f_op->uring_cmd().
Hey Casey, where do things stand with this patch? To be specific, did
you want me to include this in the lsm/stable-6.0 PR for Linus or are
you planning to send it separately? If you want me to send it up, are
you planning another revision?
There is no right or wrong answer here as far as I'm concerned, I'm
just trying to make sure we are all on the same page.
--
paul-moore.com
next prev parent reply other threads:[~2022-08-26 15:22 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20220719135821epcas5p1b071b0162cc3e1eb803ca687989f106d@epcas5p1.samsung.com>
2022-07-19 13:52 ` [PATCH liburing 0/5] Add basic test for nvme uring passthrough commands Ankit Kumar
[not found] ` <CGME20220719135832epcas5p31bb7df7c931aba12454b6f16c966a7c8@epcas5p3.samsung.com>
2022-07-19 13:52 ` [PATCH liburing 1/5] configure: check for nvme uring command support Ankit Kumar
[not found] ` <CGME20220719135834epcas5p2f63a49277322756394f19e23a1c4e4ce@epcas5p2.samsung.com>
2022-07-19 13:52 ` [PATCH liburing 2/5] io_uring.h: sync sqe entry with 5.20 io_uring Ankit Kumar
[not found] ` <CGME20220719135835epcas5p2284cbb16a28c4290d3a886449bc7a6d8@epcas5p2.samsung.com>
2022-07-19 13:52 ` [PATCH liburing 3/5] nvme: add nvme opcodes, structures and helper functions Ankit Kumar
[not found] ` <CGME20220719135836epcas5p3f28b20cab964ced538d5a7fdfe367bb4@epcas5p3.samsung.com>
2022-07-19 13:52 ` [PATCH liburing 4/5] test: add io_uring passthrough test Ankit Kumar
[not found] ` <CGME20220719135837epcas5p1eb4beb20bdfbdaaa7409d7b1f6355909@epcas5p1.samsung.com>
2022-07-19 13:52 ` [PATCH liburing 5/5] test/io_uring_passthrough: add test case for poll IO Ankit Kumar
2022-08-12 0:43 ` [PATCH liburing 0/5] Add basic test for nvme uring passthrough commands Casey Schaufler
2022-08-12 1:51 ` Jens Axboe
2022-08-12 15:33 ` Paul Moore
2022-08-12 16:03 ` Casey Schaufler
2022-08-13 11:35 ` Kanchan Joshi
2022-08-23 23:46 ` [PATCH] Smack: Provide read control for io_uring_cmd Casey Schaufler
2022-08-24 0:05 ` Paul Moore
2022-08-24 0:07 ` Jens Axboe
2022-08-26 15:15 ` Paul Moore [this message]
2022-08-26 16:53 ` Casey Schaufler
2022-08-26 18:59 ` Paul Moore
2022-08-26 19:04 ` Casey Schaufler
2022-08-26 19:10 ` Paul Moore
2022-08-26 19:31 ` Casey Schaufler
2022-08-27 15:59 ` Kanchan Joshi
2022-08-29 16:20 ` Casey Schaufler
2022-08-30 13:08 ` Joel Granados
2022-08-30 14:16 ` Casey Schaufler
2022-08-31 7:15 ` Joel Granados
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhQ2gVEuHe_mhkv7=Ju8co1L+aQ7=WAR_CpmJ7wS8=0+0g@mail.gmail.com' \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox